diff --git a/06-osm-platform-configuration.md b/06-osm-platform-configuration.md index 69968be1f21a1286aab4070b2b30d16b1ff02893..a5af07e59e48c204205b3d14541126918c3cec86 100644 --- a/06-osm-platform-configuration.md +++ b/06-osm-platform-configuration.md @@ -60,9 +60,40 @@ Options: --remove-project TEXT removes project from user: 'project' --add-project-role TEXT adds project,role(s) mapping: 'project,role1,role2,...' --remove-project-role TEXT removes project,role(s) mapping: 'project,role1,role2,...' + --change_password TEXT user old password + --new_password TEXT user new password to change in expiry condition -h, --help Show this message and exit. ``` +### Usage of enable option to enforce password change on first login or password expiry + +This enables password change policy for OSM user's account. If user logins into OSM for the first time or if the password of the user expires after preset number of days, user will be prompted to change the password. + +#### Enabling steps + +- Configure NBI to enable password expiry configuration, by modifying `nbi.cfg`: + + - Set `pwd_expiry_check` as `True` + - Set `days` as `30` + +#### Testing + +- Ensure users are enabled with `/admin/v1/users/ID` (rbac: `users:id:patch`) permission. + +- To change the default password or expired password of an user , execute the following command through CLI. + +```bash +osm --user --password user-update --change_password --new_password +``` + +Example: + +```bash +osm --user test_user --password Test@123 user-update test_user --change_password Test@123 --new_password New@123 +``` + +**Important note:** This password check is excluded for the default "admin" user. + ## Project management Projects can be managed through the UI, by selecting Admin --> Projects on the menu to the left, or using the OSM CLI: 
@@ -833,4 +864,4 @@ To associate the K8s cluster with a Distributed VCA, follow these steps: 2. Associate the VCA with a VIM account. For more details, see [this](#associate-a-vca-with-a-vim-account) section. 3. Register your K8s cluster associating it to the VIM account added in step 2. For more details, see [this](#management-of-k8s-clusters) section. - Note: if you are not using an actual VIM, in the step 2, set the VIM account type to `dummy` with the following flag: `--account_type dummy`. \ No newline at end of file + Note: if you are not using an actual VIM, in the step 2, set the VIM account type to `dummy` with the following flag: `--account_type dummy`. diff --git a/12-osm-nbi.md b/12-osm-nbi.md index 0c67e5d047f1aaaf576680c4b5841e22f83bfcf1..7eb4cf868589099f8023c75e48ddf5298e074a68 100644 --- a/12-osm-nbi.md +++ b/12-osm-nbi.md @@ -252,6 +252,7 @@ Header field name Reference Example Descriptions - Add role R1, projects P1: `'{add_project_role_mappings: [{project: role: R1}, ...]}'` - Remove role R1, project P1 from user: `{remove_project_role_mappings: [{project: P1, role: R1}]}'` - Remove a project 'P1' (all roles) from user: `{remove_project_role_mappings: [{project: P1}]}'` + - Enforce password change on first login or password expiry: `'{old_password: , password: }'` - DELETE: Removes user.
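Review bot: In 06-osm-platform-configuration.md, the command synopsis under "Testing" (`osm --user --password user-update --change_password --new_password`) has no argument placeholders, so it cannot be followed without reading the example; going by the example line it should read something like `osm --user <user> --password <old_password> user-update <user> --change_password <old_password> --new_password <new_password>`. Both the synopsis and the example put the old and new passwords on the command line, where they end up in shell history and the process list, so the section should say so, or point to a way of supplying them that avoids this if the client has one. The "Important note" exempts the default "admin" user from the check, which leaves the default account outside the policy; if that account ships with a known password, the docs should tell operators to change it manually. In "Enabling steps", name the `nbi.cfg` section that holds `pwd_expiry_check` and `days`, and say whether NBI needs a restart for the change to take effect. The help text `--change_password TEXT user old password` describes an option whose name suggests the new password, and both new options use underscores while the neighbouring options (`--add-project-role`, `--remove-project-role`) use hyphens.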
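Review bot: In 12-osm-nbi.md, the added payload `'{old_password: , password: }'` has empty values where the neighbouring entries show sample values (`P1`, `R1`); give placeholders, for example `'{old_password: OLD, password: NEW}'`. The label "Enforce password change on first login or password expiry" describes the policy rather than what this request does, which is to change the password by supplying the old one, so reword it accordingly. Also note that the new password goes in `password` here while the CLI in 06-osm-platform-configuration.md calls it `--new_password`, and a sentence tying the two together would save readers a lookup.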